--- shadow-4.11.1/etc/login.defs.orig	2021-12-24 13:31:16.000000000 -0300
+++ shadow-4.11.1/etc/login.defs	2022-01-25 03:50:01.944724386 -0300
@@ -9,7 +9,7 @@
 # Note: When PAM is used, some modules may enforce a minimum delay (e.g.
 #       pam_unix(8) enforces a 2s delay)
 #
-FAIL_DELAY		3
+FAIL_DELAY		2
 
 #
 # Enable logging and display of /var/log/faillog login(1) failure info.
@@ -127,7 +127,7 @@
 #   Directory where mailboxes reside, _or_ name of file, relative to the
 #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
 #
-MAIL_DIR	/var/spool/mail
+MAIL_DIR	/var/mail
 #MAIL_FILE	.mail
 
 #
@@ -144,7 +144,7 @@
 # fully-rooted pathname of a file containing such a spec.
 #
 #ENV_TZ		TZ=CST6CDT
-#ENV_TZ		/etc/tzname
+ENV_TZ		/etc/localtime
 
 #
 # If defined, an HZ environment parameter spec.
@@ -158,8 +158,8 @@
 # *REQUIRED*  The default PATH settings, for superuser and normal users.
 #
 # (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH	PATH=/bin:/usr/bin
+ENV_SUPATH     PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH       PATH=/usr/local/bin:/bin:/usr/bin
 
 #
 # Terminal permissions
@@ -173,7 +173,7 @@
 # set TTYPERM to either 622 or 600.
 #
 TTYGROUP	tty
-TTYPERM		0600
+TTYPERM		0620
 
 #
 # Login configuration initializations:
@@ -199,7 +199,7 @@
 # 022 is the default value, but 027, or even 077, could be considered
 # for increased privacy. There is no One True Answer here: each sysadmin
 # must make up their mind.
-UMASK		022
+UMASK		077
 
 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
 # home directories.
@@ -230,7 +230,7 @@
 #
 # If compiled with cracklib support, sets the path to the dictionaries
 #
-CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
+#CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
 
 #
 # Min/max values for automatic uid selection in useradd(8)
@@ -296,7 +296,7 @@
 # phone, home phone).  If not defined, no changes are allowed.
 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
 #
-CHFN_RESTRICT		rwh
+CHFN_RESTRICT		frwh
 
 #
 # Password prompt (%s will be replaced by user name).
@@ -334,7 +334,7 @@
 # Note: If you use PAM, it is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD SHA512
 
 #
 # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -410,7 +410,7 @@
 # If this file exists and is readable, login environment will be
 # read from it.  Every line should be in the form name=value.
 #
-ENVIRON_FILE	/etc/environment
+#ENVIRON_FILE	/etc/environment
 
 #
 # If defined, this command is run when removing a user.
@@ -445,7 +445,7 @@
 # This option is overridden with the -M or -m flags on the useradd(8)
 # command-line.
 #
-#CREATE_HOME     yes
+CREATE_HOME     yes
 
 #
 # Force use shadow, even if shadow passwd & shadow group files are
